In U.S. Patent Application Publication No. 2004/0139340, Johnson et al. discusses problems with making encryption algorithms secure against so-called “white-box attacks,” such as statistical and data flow analyses, by attempts that include using dummy code to hide real code. Johnson et al. offers an alternative solution that includes widely diffusing sites of information transfer, combination, or loss, and generating more functions and transforms that alter the processing activity visible to an attacker. These solutions are applied in an exemplary implementation that is directed to securing smart cards that use the DES algorithm or a variant thereof.
In U.S. Patent Application Publication No. 2003/0044003, Chari et al. discloses a method and system for implementing table lookups that is resistant to side channel attacks. A table mask operation is used, in which the entries in the masked table are statistically independent of the entries in the original table. The table mask operation is performed with either or both of (1) a table split operation, for large tables or tables with large index sizes; or (2) a table aggregate operation, where a number of tables are aggregated into one table.
In U.S. Patent Application Publication No. 2003/0093684, Kaiserwerth et al. discusses potential vulnerabilities of encryption algorithms, especially to power analysis attacks. In this context they note that the small key size (effectively 56 bits) of single DES is no longer considered to be secure against key exhaustion attacks, necessitating the evolution to variants such as triple DES (run three times as encrypt-decrypt-encrypt using at least two and preferably three independent keys). Further, the S-boxes in DES are potentially vulnerable to differential analysis of S-box inputs and outputs so as to obtain 48 out of the 56 key bits. Kaiserwerth et al. discloses several measures to thwart this type of attack, including using masking operations and Hamming-neutral bit strings.
In U.S. Pat. No. 6,278,783, Kocher et al. discloses an improved DES implementation in which S-box tables are blinded and randomly permuted on a regular basis, and both the key and message blocks are blinded to produce permutable two-part values related to the original values by a bitwise XOR operation.
In general, side-channel attacks involve externally monitoring power consumption or electro-magnetic emissions of the cryptographic hardware during execution of a targeted cipher algorithm, and attempting to correlate the timing profile of the monitored characteristic with the target algorithm in order to obtain useable information regarding the key. For example, one such attack may directly target that portion of an algorithm's execution at the input side of an algorithm's S-boxes, where data are XORed with subkeys in a given round. One way to protect an encryption algorithm against side-channel attacks would be to use a randomized masking or blinding method, i.e., running numerous fake or dummy operations along with the true operation. However, a problem with such randomized masking is that the entropy injected in the execution of the added dummy operations is not controlled, so that it is still possible to uncover the true operation using statistical techniques.